DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
09/26/05 has been entered. 

Response to Arguments 

Applicant's arguments filed 09/26/2005 have been fully considered but they are
not persuasive.

As argued by applicants: 

(a) Bapat et al. does not teach a calculation expression, for controlling access to a database, that can
be evaluated based on a state variable of a database (claims 14, 41 and 47).

(b) Bapat et al. does not teach a calculation expression, for controlling access to a database, that can
be evaluated based on a field of a record in the database (claims 11, 38 and 43).

(c) Bapat et al. does not teach a calculation expression for controlling access to a database which can
be evaluated to determine access (claims 11, 38 and 43).

(d) Bapat et al. and Elmasri taken alone, or properly combined do not teach or suggest defining a
calculation expression for a password.



Examiner respectfully disagrees because of the following reasons: 
(a) 



Granted Permissions Table for Table 1

1502 ->  User Name   Object Name   Operation Type
         user_x      object_xyz    SELECT
         user_x      object_qrs    UPDATE
         user_y      object_xyz    SELECT
         user_y      object_abc    DELETE
         user_z      object_def    SELECT
1510 ->  group_a     object_hij    SELECT
         group_z     object_jkl    SELECT

The Granted Permissions Table above (FIG. 15, Col. 26, Lines 29-41) is defined
by the system administrator (Col. 26, Lines 18-19). Each row of the Granted Permissions
Table is defined by a meaningful combination of characters or expression to specify a
record access right for a user. A row in the Granted Permissions Table explicitly defines an
access right of a user to a record in the database whose Fully Distinguished Name, as a
key, is equal to the specified Fully Distinguished Name in the Granted Permissions
Table. For example, based on the first row of the Granted Permissions Table, a User
Name = user_x has Operation Type = delete on any record that has Object Name =
object_xyz. As seen, each row expression in the Granted Permissions Table is a
calculation expression with a plurality of implied EQUAL OPERATOR, and is evaluated by
the FDN field of the record to determine the access right.

Applicants pointed examiner to a definition of the term "state" in Microsoft's
computer dictionary. However, as recited in claims 14, 41 and 47, calculation expression can be
evaluated at least partly based on at least one state variable of said database, and in the
Specification of the Application (Summary):

... the expression can be based on fields of the records as well as other information, for example, various
state variables of the database (e.g., date, time, number of records, etc.)

In light of the Specification, the state variables could be date, time, number of records, etc.

As further disclosed by Bapat at Col. 26, Lines 55-57 and 60-63, by convention, 
the permissions tables use a special object name value, such as a database NULL 
value to represent "all objects". For a system with 5,000 managed objects, only one 
entry is required (Col. 27, Lines 30-36). 

GRANT TABLE: (U1, NULL, Op1)

Thus, by using NULL variable, the calculation expression (U1, NULL, Op1) can be
evaluated based on a state variable of a database, e.g., NULL indicates 5,000 records.

(b) As shown in FIG. 10, TABLE 310 is illustrated, wherein FDN is a field of
data used in a plurality of records stored in database. As discussed above, each row
expression in the Granted Permissions Table is a calculation expression with a plurality of
implied EQUAL OPERATOR, and is evaluated based on FDN as a field of a record in the database
to determine the access right.

(c) As discussed above, each row in the Granted Permissions Table explicitly
defines an access right of a user to a record in the database whose Fully Distinguished
Name is equal to the specified Fully Distinguished Name in the Granted Permissions
Table. For example, based on a row of the Granted Permissions Table, a user_x can
delete any record that has Object Name (FDN) = Record (FDN). As seen, each row
expression in the Granted Permissions Table is a mathematical process, (Object Name (FDN)
= Record (FDN)), evaluated by the FDN field of the record to determine the access right.

(d) In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), and In re
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the process of
assigning a password and identifying password is a conventional technique, which was 
used for security purpose, and password is a must for Bapat method and system in 
order to have a more secure database system. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 11 and 14 are rejected under 35 U.S.C. 112, first paragraph, as
failing to comply with the written description requirement. The claim(s) contains 
subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. 

As in Claim 11, the clause wherein said evaluating comprises determining at least one value for
said at least one field of data and using said at least one value as input to said calculation expression was not
described in the specification.

As in Claim 14, the clause wherein said state variable can indicate the condition of an element of
said database at a particular time was not described in the specification.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

Claims 11-15 and 38-42 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bapat et al. [USP 6,236,996 B1] in view of Elmasri et al. 
[Fundamentals of Database System]. 

Regarding claims 11 and 38, Bapat teaches a method and program for
controlling managed objects. The method comprising:

defining a calculation expression, wherein said calculation expression is a variable expression defined
based on at least one field of data used in a plurality of records stored in said database (As shown in FIG.
14, tables 310 and 320 as in FIG. 11A are stored in a conventional DBMS 280 (Col. 25,
lines 49-50). Rows 311, 312, 321, 322 of the tables 310, 320 contain management
information for managed objects (Col. 25, lines 60-61). The FDN operates as the
primary key to the data stored in the table and to determine which managed objects that
a particular user is permitted to access or modify (Col. 19, lines 36-40). Access control
for a particular user on a particular managed object is defined by a permissions table as
shown below (Col. 26, lines 10-12).

Granted Permissions Table for Table 1

1502 ->  User Name   Object Name   Operation Type
         user_x      object_xyz    SELECT
         user_x      object_qrs    UPDATE
         user_y      object_xyz    SELECT
         user_y      object_abc    DELETE
         user_z      object_def    SELECT
1510 ->  group_a     object_hij    SELECT
         group_z     object_jkl    SELECT

A permission entry 1502 is a tuple having three fields, user name, object name,
and operation type. The object name, preferably, is the FDN or Full Distinguish Name
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 11A as shown below,
each row in the database tables includes a field called the Fully Distinguished Name or
FDN of a managed object followed by columns of data. For example, an FDN can look
like /systemid="sys1"/owner="accompany"/devicetype="router" (Col. 19, Lines 24-35).



Row: FDN | Data 1 | ... | Data N



As seen, each row of the Granted Permissions Table is defined by a meaningful
combination of variable characters or variable expression to specify a record access right for
a user, wherein each row in the Granted Permissions Table explicitly defines an access right
of a user to a record in the database whose Fully Distinguished Name, as a key, is equal
to the specified Fully Distinguished Name in the Granted Permissions Table. For
example, based on the first row of the Granted Permissions Table, a User Name =
user_x has Operation Type = delete on any record that has Object Name = object_xyz.
Thus, each row expression in the Granted Permissions Table is a calculation expression
with a plurality of implied EQUAL OPERATOR, and is evaluated by the FDN field of the
record to determine the access right) and

calculation expression can be evaluated at least partly based on said at least one field of data used in
said plurality of records (Col. 28, Lines 1-3, the Grant table is checked to see if user has
specific granted items, e.g., FDN, and as discussed above, FDN is at least one field of data
used in said plurality of records of FIG. 11A),

wherein said at least one field of data is a variable which may have different values for each of said
plurality of records (FIG. 10, tables 310 and 320, FDN field is a variable which may have different
values for each of said plurality of records),

thereby allowing access to various field of data stored in said plurality of record to be selectively
controlled (Col. 20, Lines 7-32, SELECT*, FROM view_table1_max WHERE FDN =
"a/b/c", by using SELECT*, if FDN is matched with FDN in Grant table, the other fields
as in tables 310 and 320 will be accessed, wherein the record is selectively controlled
by FDN) and

wherein expression defines access privileges of said one or more users with respect to at least one
operation that may be requested to be performed by said one or more users on said plurality of records of said
database (FIG. 15 A and B).

When a user 300 issues an SQL command to access the DBMS 280 (Col. 22,
lines 24-26, Col. 25, lines 65-67) for the status of all routers in the network or for
information about a specified list of managed objects (Col. 28, lines 27-30) with an
operation as specified in FIG. 15A as receiving a request to perform said at least one operation on said
plurality of records of said database, said request being identified as a request made by said one or more users
associated with user name.



Application/Control Number: 09/771,143 Page 10

Art Unit: 2168 

Access Control is enforced by evaluating user name, object name and operation
type as said calculation expression for said each of said plurality of records, based on said at least one field of
data, when said request has been received; said evaluation returning only one of two possible values for each of
said plurality of records, one of said possible values indicating that said at least one operation should be granted
and another one of said possible values indicating that said at least one operation should be denied; granting said
at least one operation to be performed when said evaluation returns one said possible value to indicate that said
at least one operation should be granted; and denying said at least one operation to be performed when said
evaluation returns one said another possible value to indicate that said at least one operation should be denied
(Col. 27, line 45-Col. 28, line 26);

wherein said evaluating comprises determining at least one value for said at least one field of data and
using said at least one value as input to said calculation expression (An SQL command is used to
access management information in DBMS (Col. 25, Line 66-Col. 26, Lines 3). SQL is in
the form SELECT FROM WHERE. WHERE clause is to specify a value of FDN (Col.
20, Lines 28-32), wherein FDN is used as the key that determines which managed
objects the user is permitted to access (Col. 19, Lines 35-40). The Grant table is checked
to see if user has specific granted items and grant access if matching (Col. 28, Lines 1-3).
As seen, FDN value in SQL command as at least one value for said at least one field of data is
determined in SQL command, and FDN value is used as input to compare with a particular
row that has the same FDN value. In short, the technique of comparing FDN in SQL
command with FDN in Grant table indicates the step using said at least one value as input to said
calculation expression).

What is missing from the Bapat technique is the step of identifying a password that is associated
with one or more users of said database.



Elmasri teaches a method of protecting access to a database system by identifying
a password that is associated with one or more users of said database (Elmasri, page 718).

Therefore, it would have been obvious for one of ordinary skill in the art at the
time the invention was made to modify the Bapat method by using a password to
identify a user as taught by Elmasri in order to have a more secure database system.

Regarding claims 12 and 39, Bapat and Elmasri, in combination, teach all of
the claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses at least one operation can be a browse, an edit, or a delete operation (FIG. 15A and B).

Regarding claims 13 and 40, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses calculation expression is not explicitly defined for said at least one operation but said
calculation expression is one that has been defined for another operation which has been considered as a related
operation to said at least one operation (FIG. 15A).

Regarding claims 14 and 41, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses said calculation expression can be evaluated at least partly based on at least one state
variable of said database, wherein said state variable can indicate the condition of an element of said database at
a particular time (As further disclosed by Bapat at Col. 26, Lines 55-57 and 60-63, by
convention, the permissions tables use a special object name value, such as a
database NULL value to represent "all objects". For a system with 5,000 managed
objects, only one entry is required (Col. 27, Lines 30-36). GRANT TABLE: (U1, NULL,
Op1). Thus, by using NULL variable, the calculation expression (U1, NULL, Op1) can be
evaluated based on a state variable of a database, e.g., NULL indicates 5,000 records, and the
number of records is the condition of database at that particular time, because the
number of records in the database can be changed over time, e.g., by deleting or
inserting).

Regarding claims 15 and 42, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 14 and 38, Bapat
further discloses the step of granting temporary or limited access to said at least one record to allow said
evaluating of said calculation expression (FIG. 15A).

Claims 43 and 45-47 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Bapat et al. [USP 6,236,996 B1] in view of Glasser et al. [USP
6,308,173 B1].

Regarding claim 43, Bapat teaches a database system comprising: 

a database including a plurality of records stored therein (Col. 25, Lines 49-50 and 55-59);

a database program that can access said database and can be used as an interface to said database
(Col. 7, Lines 45-67),

wherein said database program can be used to: 

define a calculation expression for controlling access to said plurality of records in said databases,
wherein said calculation expression is a variable expression defined based on at least one field of data used in a
plurality of records stored in said database (As shown in FIG. 14, tables 310 and 320 as in FIG.
11A are stored in a conventional DBMS 280 (Col. 25, lines 49-50). Rows 311, 312, 321,
322 of the tables 310, 320 contain management information for managed objects (Col.
25, lines 60-61). The FDN operates as the primary key to the data stored in the table
and to determine which managed objects that a particular user is permitted to access or
modify (Col. 19, lines 36-40). Access control for a particular user on a particular
managed object is defined by a permissions table as shown below (Col. 26, lines 10-12).



Granted Permissions Table for Table 1

1502 ->  User Name   Object Name   Operation Type
         user_x      object_xyz    SELECT
         user_x      object_qrs    UPDATE
         user_y      object_xyz    SELECT
         user_y      object_abc    DELETE
         user_z      object_def    SELECT
1510 ->  group_a     object_hij    SELECT
         group_z     object_jkl    SELECT

A permission entry 1502 is a tuple having three fields, user name, object name,
and operation type. The object name, preferably, is the FDN or Full Distinguish Name
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 11A as shown below,
each row in the database tables includes a field called the Fully Distinguished Name or
FDN of a managed object followed by columns of data. For example, an FDN can look
like /systemid="sys1"/owner="accompany"/devicetype="router" (Col. 19, Lines 24-35).



Row: FDN | Data 1 | ... | Data N

As seen, each row of the Granted Permissions Table is defined by a meaningful
combination of variable characters or variable expression to specify a record access right for
a user, wherein each row in the Granted Permissions Table explicitly defines an access right
of a user to a record in the database whose Fully Distinguished Name, as a key, is equal
to the specified Fully Distinguished Name in the Granted Permissions Table. For
example, based on the first row of the Granted Permissions Table, a User Name =
user_x has Operation Type = delete on any record that has Object Name = object_xyz.
Thus, each row expression in the Granted Permissions Table is a calculation expression with
a plurality of implied EQUAL OPERATOR, and is evaluated by the FDN field of the
record to determine the access right) and

calculation can be evaluated at least partly based on said at least one field (Col. 28, Lines 1-3, the
Grant table is checked to see if user has specific granted items, e.g., FDN, and as
discussed above, FDN is at least one field of data used in said plurality of records of FIG. 11A),

wherein said at least one field of data is a variable which may have different values for each of said
plurality of records (FIG. 10, tables 310 and 320, FDN field is a variable which may have different
values for each of said plurality of records),

thereby allowing access to said plurality of records to be selectively determined based on said calculation
expression (Col. 20, Lines 7-32, SELECT*, FROM view_table1_max WHERE FDN =
"a/b/c", by using SELECT*, if FDN is matched with FDN in Grant table, the other fields
as in tables 310 and 320 will be accessed, wherein the record is selectively controlled
by FDN) and

wherein said database program is further capable of:

receiving a request to perform at least one operation on said plurality of records in said
database (Col. 20, Lines 23-31);

evaluating said calculation expression for each of said plurality of records, wherein said
evaluation returns only one of two possible values for each of said plurality of records, one of said
possible values indicating that said at least one operation should be granted and another one of said
possible values indicating that said at least one operation should be denied (Col. 27, Line 45-Col.
28, Line 26);

wherein said evaluating comprises determining at least one value for said at least one field of
data and using at least one value as input to said calculation expression (An SQL command is
used to access management information in DBMS (Col. 25, Line 66-Col. 26,
Lines 3). SQL is in the form SELECT FROM WHERE. WHERE clause is to
specify a value of FDN (Col. 20, Lines 28-32), wherein FDN is used as the key
that determines which managed objects the user is permitted to access (Col. 19,
Lines 35-40). The Grant table is checked to see if user has specific granted items
and grant access if matching (Col. 28, Lines 1-3). As seen, FDN value in SQL
command as at least one value for said at least one field of data is determined in SQL
command, and FDN value is used as input to compare with a particular row that
has the same FDN value. In short, the technique of comparing FDN in SQL
command with FDN in Grant table indicates the step using said at least one value as input
to said calculation expression);

granting said at least one operation to be performed when said evaluation returns one said
possible value to indicate that said at least one operation should be granted (Col. 28, Lines 1-3);
and

denying said at least one operation to be performed when said evaluation returns one said
another possible value to indicate that said at least one operation should be denied (Col. 28, Lines
4-10).

Bapat does not explicitly teach Graphical User interface is included to define 
expression. 

However, as disclosed by Bapat, the system administrator 302 creates the
permissions tables prior to use of the DBMS 280 by end users. The system
administrator 302 invokes a call 440 to the Create_Permissions_Tables 442
procedure of the DBMS 280 (Bapat, Col. 26, lines 18-27). As seen, in order to create
the permission table by the Create_Permissions_Tables procedure, obviously, a
Graphical User interface has to be used to enter the user name, FDN and access control
code as discussed above. Glasser teaches a Graphical User Interface for defining
access control expression (Glasser, FIG. 6B).

Therefore, it would have been obvious for one of ordinary skill in the art at the 
time the invention was made to include a Graphical User Interface as taught by Glasser 
in order to have a friendly system to define access right for a user. 

Regarding claim 45, Bapat and Glasser, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 43, Bapat further discloses at
least one operation can be a browse, an edit, or a delete operation (FIG. 15A and B).

Regarding claim 46, Bapat and Glasser, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 43, Bapat further discloses
calculation expression is not explicitly defined for said at least one operation but said calculation expression is
one that has been defined for another operation which has been considered as a related operation to said at least
one operation (FIG. 15A).

Regarding claim 47, Bapat and Glasser, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 43, Bapat further discloses said
calculation expression can be evaluated at least partly based on at least one state variable of said database (Col.
26, lines 28-33).

Conclusion



Any inquiry concerning this communication or earlier communications from the
examiner should be directed to HUNG Q. PHAM whose telephone number is
571-272-4040. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, JEFFREY A. GAFFIN can be reached on 571-272-4146. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 